Microsoft has introduced passkeys for consumer accounts, marking a pivotal advancement in its decade-long effort to eliminate passwords. Announced on May 2, 2024, the World Password Day, this development is part of the broader Microsoft Entra initiative aimed at simplifying and securing user access across various platforms.
Microsoft says it embarked on a mission to render passwords obsolete a decade ago, beginning with the introduction of Windows Hello and Windows Hello for Business for password-free access to Windows 10. The urgency of this mission has only escalated as password attacks have soared from 115 attacks per second in 2015 to over 4,000 in recent times, illustrating the glaring vulnerabilities associated with traditional password systems.
What are Passkeys and how they’re used
Passkeys represent a more robust alternative to passwords, leveraging a dual-key security mechanism. Unlike passwords, passkeys involve a cryptographic key pair; one key resides securely on the user's device, protected by biometrics or a PIN, while the other is kept with the service or app. This method ensures that the passkey is effective only for its intended site, significantly reducing the risk of phishing attacks.
To use a passkey, users no longer need to remember or enter passwords. Instead, they can access their accounts through biometrics, such as facial recognition or fingerprint scans, or by using a device PIN. This system is already compatible with major platforms like Windows, Google, and Apple, and it allows for seamless synchronization across devices, ensuring that passkeys are easily transferable even when changing devices.
The implementation of passkeys not only boosts security but also enhances user convenience by eliminating the need to create, manage, and remember multiple passwords. This development is expected to significantly reduce the common frustrations associated with password-based authentication, such as the frequent need to reset forgotten passwords or the risks associated with compromised credentials appearing on the dark web.
Creating a passkey is straightforward. Users can initiate the process on their device by following specific instructions provided by Microsoft, choosing their preferred biometric or security option. Once set up, the passkey allows for easy and secure access to frequently used Microsoft services.
Looking ahead, Microsoft plans to extend passkey support to mobile versions of its applications, further integrating this technology into everyday digital interactions.
Flaws in Android Cause Some VPN Apps to Suffer From DNS Leaks
Leave a Reply